More Transparency and Security for Apps on Mobile Devices

Apps run on smartphones and tablets are more of a blessing than a curse. One reason being that those that are ad-financed are free to use – but a curse they can be.

There is more than one issue when it comes to apps on mobile devices: for one, some require to grant rights in the device settings which are privacy sensitive. These rights are not always necessary for the apps to run smoothly but can amount to commercial espionage on user behavior or the upload of privately stored content by the users – photos, files, and so on.

Secondly, when it comes to Google Market, for instance, the distributor is not always indicated in the ‘developer contact’ section as part of the app description. When comparing the transparency as to the Apple Store with that of the Google Market, the rights granted to the apps can be better selected on Google-developed Android than on Apple’s operating system. On the other hand, there is sometimes no more than a free email address to be found on Google Market’s description of individual apps offered to download.

This lack of requisition can be explained by the goal of hosting a larger number of software applications, but at a time when artificial intelligence can perform tasks previously unthought of, such as synthesized images and other artificial near-magic, users should be put in a position to better decide whom to grant their biometrics and access to data.

Granted, a full company address does not always guarantee sufficient transparency, but Policyinstitute.net has found mediocre, obviously amateurish religious, but also state-of-the-art image-processing applications, the latter possibly developed by affiliates of big companies. Some required users to both grant excessive technical rights or access to devices’ private file system or user history.

As it turns out, the laudable step by Google to let users tailor those rights, to withdraw them, and to empty the app cache, is but a compromise, the reason being that most users will not be sufficiently versed, informed, or motivated to do so. For the sake of data protection, it would be more than a welcome step for Google to require app developers to indicate a full company address and official email, and for both Google and Apple to require developers to only have users grant technical rights if that is necessary to run individual apps, and only for the time the apps are operated.

Thorsten Koch, MA, PgDip
Policyinstitute.net
10 May 2023

Author: author

Leave a Reply

Your email address will not be published. Required fields are marked *